PT-2024-11272 · Linux+1 · Linux Kernel+1
Published 2021-06-02 · Updated 2024-12-26 · CVE-2021-47266
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.13.0-rc1+
Description
The issue arises when an IPoIB device is moved to a non-initial network namespace and that namespace is then destroyed. Instead of moving the device back to the initial namespace, it vanishes due to default_device_exit() skipping interfaces with rtnl_link_ops set. This can lead to a warning and potentially a kernel panic on shutdown due to a NULL pointer dereference. The problem can be reproduced by running the commands ip netns add foo, ip link set mlx5_ib0 netns foo, and ip netns delete foo. To avoid this issue, the netns_refund flag, introduced by commit 3a5ca857079e, should be set to properly restore IPoIB interfaces to the initial namespace.
Recommendations
To resolve the issue, ensure that the netns_refund flag is set for IPoIB devices when moving them between network namespaces. This can be achieved by applying the patch introduced by commit 3a5ca857079e or by updating to a Linux kernel version that includes this fix. As a temporary workaround, consider avoiding the destruction of non-initial network namespaces that contain IPoIB devices to minimize the risk of exploitation.
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
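The temporary workaround from the Recommendations, written as a pre-delete guard (an added example, not part of the original advisory or the kernel patch). It assumes iproute2's one-line output, where IPoIB links are reported as link/infiniband; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Guard for unpatched kernels: refuse to delete a network namespace that
# still holds an IPoIB interface, since the device would not be moved back
# to the initial namespace.

# Read `ip -o link show` output on stdin and print the names of
# InfiniBand (IPoIB) links, with any "@parent" suffix stripped.
ipoib_links() {
    awk -F': ' '/link\/infiniband/ { sub(/@.*/, "", $2); print $2 }'
}

# Delete namespace $1 only if it contains no IPoIB links.
# Hypothetical wrapper name; needs root and iproute2.
safe_netns_delete() {
    ns=$1
    links=$(ip -n "$ns" -o link show | ipoib_links) || return 1
    if [ -n "$links" ]; then
        echo "refusing to delete netns '$ns': IPoIB links present:" >&2
        echo "$links" | sed 's/^/  /' >&2
        return 1
    fi
    ip netns delete "$ns"
}

# Constructed sample of `ip -n foo -o link show` output (not captured
# from a real host); addresses are shortened placeholders.
sample_ip_output() {
    cat <<'EOF'
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
4: mlx5_ib0: <BROADCAST,MULTICAST> mtu 4092 qdisc noop state DOWN mode DEFAULT group default qlen 256\    link/infiniband 00:00:00:01 brd 00:ff:ff:ff
7: ib0.8001@mlx5_ib0: <BROADCAST,MULTICAST> mtu 4092 qdisc noop state DOWN mode DEFAULT group default qlen 256\    link/infiniband 00:00:00:02 brd 00:ff:ff:ff
9: veth0@if10: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000\    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
EOF
}

# Demo on the constructed sample: prints mlx5_ib0 and ib0.8001.
sample_ip_output | ipoib_links
```

On a live host, call safe_netns_delete foo in place of ip netns delete foo; a non-zero return means the namespace was left untouched.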